track failed unlock attempts in storage (#1421)

2026-01-07 11:03:54 +00:00 · 2021-06-09 10:03:05 -04:00
parent 80a33e98a2
commit 33791a03ac
7 changed files with 82 additions and 7 deletions
--- a/src/App/Pages/Accounts/LockPageViewModel.cs
+++ b/src/App/Pages/Accounts/LockPageViewModel.cs
@@ -8,6 +8,7 @@ using Bit.Core.Models.Domain;
 using Bit.Core.Utilities;
 using System;
 using System.Threading.Tasks;
+using Bit.App.Utilities;
 using Bit.Core.Models.Request;
 using Xamarin.Forms;

@@ -37,7 +38,6 @@ namespace Bit.App.Pages
        private string _biometricButtonText;
        private string _loggedInAsText;
        private string _lockedVerifyText;
-        private int _invalidPinAttempts = 0;
        private Tuple<bool, bool> _pinSet;

        public LockPageViewModel()
@@ -208,6 +208,7 @@ namespace Bit.App.Pages
                        if (!failed)
                        {
                            Pin = string.Empty;
+                            await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                            await SetKeyAndContinueAsync(key);
                        }
                    }
@@ -217,6 +218,7 @@ namespace Bit.App.Pages
                            kdf.GetValueOrDefault(KdfType.PBKDF2_SHA256), kdfIterations.GetValueOrDefault(5000));
                        failed = false;
                        Pin = string.Empty;
+                        await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                        await SetKeyAndContinueAsync(key);
                    }
                }
@@ -226,8 +228,8 @@ namespace Bit.App.Pages
                }
                if (failed)
                {
-                    _invalidPinAttempts++;
-                    if (_invalidPinAttempts >= 5)
+                    var invalidUnlockAttempts = await AppHelpers.IncrementInvalidUnlockAttemptsAsync();
+                    if (invalidUnlockAttempts >= 5)
                    {
                        _messagingService.Send("logout");
                        return;
@@ -278,6 +280,7 @@ namespace Bit.App.Pages
                        _vaultTimeoutService.PinProtectedKey = await _cryptoService.EncryptAsync(key.Key, pinKey);
                    }
                    MasterPassword = string.Empty;
+                    await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                    await SetKeyAndContinueAsync(key);

                    // Re-enable biometrics
@@ -288,6 +291,12 @@ namespace Bit.App.Pages
                }
                else
                {
+                    var invalidUnlockAttempts = await AppHelpers.IncrementInvalidUnlockAttemptsAsync();
+                    if (invalidUnlockAttempts >= 5)
+                    {
+                        _messagingService.Send("logout");
+                        return;
+                    }
                    await _platformUtilsService.ShowDialogAsync(AppResources.InvalidMasterPassword,
                        AppResources.AnErrorHasOccurred);
                }
--- a/src/App/Pages/Accounts/LoginPageViewModel.cs
+++ b/src/App/Pages/Accounts/LoginPageViewModel.cs
@@ -6,6 +6,7 @@ using Bit.Core.Exceptions;
 using Bit.Core.Utilities;
 using System;
 using System.Threading.Tasks;
+using Bit.App.Utilities;
 using Xamarin.Forms;

 namespace Bit.App.Pages
@@ -125,6 +126,7 @@ namespace Bit.App.Pages
                {
                    await _storageService.RemoveAsync(Keys_RememberedEmail);
                }
+                await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                await _deviceActionService.HideLoadingAsync();
                if (response.TwoFactor)
                {
--- a/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
+++ b/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
@@ -5,6 +5,7 @@ using Bit.Core.Abstractions;
 using Bit.Core.Utilities;
 using System;
 using System.Threading.Tasks;
+using Bit.App.Utilities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Domain;
@@ -182,6 +183,7 @@ namespace Bit.App.Pages
            try
            {
                var response = await _authService.LogInSsoAsync(code, codeVerifier, redirectUri);
+                await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                if (RememberOrgIdentifier)
                {
                    await _storageService.SaveAsync(Keys_RememberedOrgIdentifier, OrgIdentifier);
--- a/src/App/Services/MobileStorageService.cs
+++ b/src/App/Services/MobileStorageService.cs
@@ -39,6 +39,7 @@ namespace Bit.App.Services
            Constants.iOSExtensionBiometricIntegrityKey,
            Constants.EnvironmentUrlsKey,
            Constants.InlineAutofillEnabledKey,
+            Constants.InvalidUnlockAttempts,
        };

        private readonly HashSet<string> _migrateToPreferences = new HashSet<string>
--- a/src/App/Utilities/AppHelpers.cs
+++ b/src/App/Utilities/AppHelpers.cs
@@ -440,5 +440,20 @@ namespace Bit.App.Utilities
            }
            return previousPage;
        }
+
+        public static async Task<int> IncrementInvalidUnlockAttemptsAsync()
+        {
+            var storageService = ServiceContainer.Resolve<IStorageService>("storageService");
+            var invalidUnlockAttempts = await storageService.GetAsync<int>(Constants.InvalidUnlockAttempts); 
+            invalidUnlockAttempts++;
+            await storageService.SaveAsync(Constants.InvalidUnlockAttempts, invalidUnlockAttempts);
+            return invalidUnlockAttempts;
+        }
+        
+        public static async Task ResetInvalidUnlockAttemptsAsync()
+        {
+            var storageService = ServiceContainer.Resolve<IStorageService>("storageService");
+            await storageService.RemoveAsync(Constants.InvalidUnlockAttempts);
+        }
    }
 }